<?php

    include_once '../config.php';

    $login = $_POST['login'];
    $pass  = sha1(strtoupper($login) . ':' . $_POST['password']);

    $sql = "SELECT * FROM user WHERE login = '" . $login . "' AND password = '" . $pass . "'";
    $result = mysql_query($sql);

    if (mysql_num_rows($result) > 0) {
        $data = mysql_fetch_array($result);

        $g_id       = $data['user_id'];
        $g_user     = $data['login'];
        $g_password = $data['password'];
        $g_vname    = $data['vorname'];
        $g_name     = $data['name'];
        $g_time = time() + 2678400;

        setcookie('ID', $g_id, $g_time, '/');
        setcookie('USER', $g_user, $g_time, '/');
        setcookie('PW', $g_password, $g_time, '/');
        setcookie('VNAME', $g_vname, $g_time, '/');
        setcookie('NNAME', $g_name, $g_time, '/');

        $loginIsValid = true;
    } else {
        $loginIsValid = false;
    }

    if ($loginIsValid) {
        setcookie('LOG','true',$g_time,'/');
        $ip       = getenv ("REMOTE_ADDR");
        $time_log = date('Y-m-d H:i:s');

        $sql = "UPDATE user SET last_login = '" . $time_log . "', last_ip = '" . $ip . "' WHERE user_id = " . $g_id;
        mysql_query($sql);

        header('Location: ../home.php');
     } else {
        header('Location: ../index.php?log=f');
     }

 ?>
